1010343014.server12345.exe

ephestia

Any-Video-Converter.com

The executable 1010343014.server12345.exe has been detected as malware by 32 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from directxex.com.
Publisher:
Any-Video-Converter.com

Product:
ephestia

Description:
Ludicros mulle

Version:
1.72.0039

MD5:
a0a74178804efbeb8040bdfb1a532e84

SHA-1:
bac346390254daffed72c48ad65abb1a7e784a39

SHA-256:
6879792e8d4852ae7e291fdc9a48895b33a84e36f1c79f319591239df118c0d9

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
2/25/2025 11:11:00 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1585564 | 1055 |
| Agnitum Outpost | Backdoor.DarkKomet | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2014.03.12 |
| Avira AntiVirus | TR/Dropper.VB.12185 | 7.11.136.98 |
| AVG | Luhe.Fiha.A | 2015.0.3533 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.14316 |
| Bitdefender | Trojan.GenericKD.1585564 | 1.0.20.375 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17915 |
| Dr.Web | BackDoor.Andromeda.267 | 9.0.1.075 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1585564 | 8.14.03.16.04 |
| ESET NOD32 | Win32/Injector.AYMT (variant) | 8.9530 |
| Fortinet FortiGate | W32/Boaxxe.BVB!tr | 3/16/2014 |
| F-Secure | Trojan.GenericKD.1585564 | 11.2014-16-03_1 |
| G Data | Trojan.GenericKD.1585564 | 14.3.24 |
| IKARUS anti.virus | Backdoor.Win32.DarkKomet | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11408 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.4162 |
| Malwarebytes | Backdoor.Bot | v2014.03.16.04 |
| McAfee | PWSZbot-FLW!A0A74178804E | 5600.7189 |
| Microsoft Security Essentials | Worm:Win32/Gamarue.I | 1.10302 |
| MicroWorld eScan | Trojan.GenericKD.1585564 | 15.0.0.225 |
| Norman | Suspicious_Gen4.FVVNP | 11.20140316 |
| nProtect | Trojan.GenericKD.1585564 | 14.03.11.02 |
| Panda Antivirus | Generic Malware | 14.03.16.04 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14314 |
| Sophos | Mal/Zbot-PJ | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0RC114 | 7.2.75 |
| Trend Micro | TROJ_GEN.R0CBC0RC114 | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27288 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
348 KB (356,352 bytes)

Product version:
1.72.0039

Copyright:
Xenophob interala postinfl 2006

Original file name:
Asqueal.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\1010343014.server12345.exe

File PE Metadata
Compilation timestamp:
2/25/2014 12:06:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/7MZZsiWMaduh0WlHzz4UUmxDt40ffB1mo+i+PQQg/7LRNQx42hH7OIu2D:/7Mzad20gHINmb4g51n1rQq7bQx4wbOM

Entry address:
0x1360

Entry point:
68, 00, 15, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, A2, 0B, 4E, F6, 80, 7D, 28, 49, B8, 05, 8B, 79, 6E, 05, F6, 11, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 04, 00, 00, 00, 68, 69, 6D, 61, 74, 69, 00, 01, 00, 00, 00, 00, FF, CC, 31, 00, 01, 52, 48, 67, 13, 30, 60, 60, 46, B3, CE, D1, 8B, CC, A2, 6B, E8, FF, 06, C7, AE, F5, F7, 12, 49, BC, AB, 69, E9, 16, 75, 9E, 45, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Entropy:
7.7369

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
336 KB (344,064 bytes)

The file 1010343014.server12345.exe has been seen being distributed by the following URL.
